ComboFix log


(Marek Badura) #1

ComboFix 09-04-13.A2 - monika 2009-04-13 19:05.1 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.1.1045.18.1919.1030 [GMT 2:00]

Uruchomiony z: c:\users\monika\Downloads\ComboFix.exe

* Utworzono nowy punkt przywracania

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\FunWebProducts

c:\program files\MyWebSearch

c:\program files\MyWebSearch\bar\4.bin\F3BKGERR.JPG

c:\program files\MyWebSearch\bar\4.bin\F3HTTPCT.DLL

c:\program files\MyWebSearch\bar\4.bin\F3REPROX.DLL

c:\program files\MyWebSearch\bar\4.bin\F3SPACER.WMV

c:\program files\MyWebSearch\bar\4.bin\F3WALLPP.DAT

c:\program files\MyWebSearch\bar\4.bin\FWPBUDDY.PNG

c:\program files\MyWebSearch\bar\4.bin\M3FFXTBR.JAR

c:\program files\MyWebSearch\bar\4.bin\M3FFXTBR.MANIFEST

c:\program files\MyWebSearch\bar\4.bin\M3NTSTBR.JAR

c:\program files\MyWebSearch\bar\4.bin\M3NTSTBR.MANIFEST

c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S

c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S

c:\program files\MyWebSearch\bar\Game\CHESS.F3S

c:\program files\MyWebSearch\bar\Game\REVERSI.F3S

c:\program files\MyWebSearch\bar\icons\CM.ICO

c:\program files\MyWebSearch\bar\icons\MFC.ICO

c:\program files\MyWebSearch\bar\icons\PSS.ICO

c:\program files\MyWebSearch\bar\icons\SMILEY.ICO

c:\program files\MyWebSearch\bar\icons\WB.ICO

c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO

c:\program files\MyWebSearch\bar\Message\COMMON.F3S

c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S

c:\program files\MyWebSearch\bar\Notifier\DOG.F3S

c:\program files\MyWebSearch\bar\Notifier\FISH.F3S

c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S

c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S

c:\program files\MyWebSearch\bar\Notifier\MAID.F3S

c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S

c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S

c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S

c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S

c:\program files\MyWebSearch\bar\Settings\s_pid.dat

c:\windows\system32\drivers\ovfsthbermoxpsjpnietqdcepipwqohtgtyxpc.sys

c:\windows\system32\ovfsthiekvubdsexkwgkubfhnysfcctwoqlnei.dat

c:\windows\system32\ovfsthpvhlkwswsavfnxkhklykbvdqwxcoeyax.dat

.

((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_MyWebSearchService

((((((((((((((((((((((((( Pliki utworzone od 2009-03-13 do 2009-04-13 )))))))))))))))))))))))))))))))

.

2009-04-13 07:24 . 2009-02-13 09:31 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys

2009-04-13 07:24 . 2009-04-13 07:24 -------- d-----w c:\users\All Users\Avira

2009-04-13 07:24 . 2009-04-13 07:24 -------- d-----w c:\programdata\Avira

2009-04-12 07:28 . 2009-04-13 17:12 -------- d-----w c:\users\monika\AppData\Roaming\Auto-Backup

2009-04-07 07:50 . 2008-02-23 04:38 170496 ----a-w c:\windows\system32\tcpipcfg.dll

2009-04-07 07:50 . 2008-02-23 02:41 22528 ----a-w c:\windows\system32\netiougc.exe

2009-04-06 22:06 . 2009-04-06 22:06 -------- d-----w c:\users\All Users\CheckPoint

2009-04-06 22:06 . 2009-04-06 22:06 -------- d-----w c:\programdata\CheckPoint

2009-04-06 22:04 . 2009-04-13 17:11 -------- d-----w c:\windows\Internet Logs

2009-04-05 10:11 . 2003-03-18 19:20 1060864 ----a-w c:\windows\system32\MFC71.dll

2009-04-05 08:32 . 2009-04-05 10:00 -------- d-----w c:\users\All Users\Symantec

2009-04-05 08:32 . 2009-04-05 10:00 -------- d-----w c:\programdata\Symantec

2009-04-04 12:26 . 2009-04-04 12:26 -------- d-----r c:\users\monika\Videos

2009-04-01 09:16 . 2009-04-01 09:16 -------- d-----w C:\CLT

2009-03-30 09:06 . 2009-03-30 09:06 118 ----a-w c:\windows\system32\MRT.INI

2009-03-28 12:03 . 2009-03-28 12:03 108336 ----a-w c:\windows\system32\mswinsck.ocx

2009-03-28 10:52 . 2009-03-28 13:00 -------- d-----w C:\00000082

2009-03-27 19:45 . 2009-03-27 19:45 -------- d-----w c:\windows\system32\IOSUBSYS

2009-03-27 11:40 . 2009-03-27 11:40 -------- d-----r c:\users\Public\Videos

2009-03-27 08:17 . 2009-03-27 23:14 -------- d-----w c:\users\monika\AppData\Roaming\CamTrack

2009-03-27 08:14 . 2007-02-28 12:00 108752 ----a-w c:\windows\system32\drivers\dptrackerd.sys

2009-03-27 07:54 . 2009-03-27 07:55 -------- d-----w c:\users\monika\AppData\Roaming\Webcammax

2009-03-15 10:01 . 2009-03-15 10:01 2 ----a-w C:-1403702282

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-13 17:11 . 2009-04-08 11:00 350192 ---ha-w c:\windows\system32\drivers\vsconfig.xml

2009-04-13 17:10 . 2008-10-22 21:09 65536 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

2009-04-13 17:10 . 2008-10-22 21:09 32768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

2009-04-13 17:10 . 2008-10-22 21:09 32768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

2009-04-13 17:10 . 2009-04-13 17:10 2048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

2009-04-13 17:10 . 2009-04-13 17:10 2048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

2009-04-13 16:45 . 2008-11-21 16:34 -------- d-----w c:\users\monika\AppData\Roaming\Skype

2009-04-13 16:43 . 2008-11-21 16:45 -------- d-----w c:\users\monika\AppData\Roaming\skypePM

2009-04-13 10:53 . 2009-04-13 07:40 32768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012009041320090414\index.dat

2009-04-13 08:56 . 2008-10-26 20:28 -------- d-----w c:\users\monika\AppData\Roaming\uTorrent

2009-04-13 07:24 . 2009-04-13 07:24 -------- d-----w c:\program files\Avira

2009-04-12 07:28 . 2009-04-12 07:28 -------- d-----w c:\program files\Auto-Backup

2009-04-08 11:02 . 2009-04-07 07:50 -------- d-----w c:\program files\AskBarDis

2009-04-08 11:01 . 2006-11-02 10:25 51200 ----a-w c:\windows\Inf\infpub.dat

2009-04-08 11:01 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstrng.dat

2009-04-08 11:01 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstor.dat

2009-04-07 07:49 . 2009-04-07 07:49 -------- d-----w c:\program files\Zone Labs

2009-04-05 10:15 . 2009-01-09 10:56 -------- d-----w c:\programdata\Norton

2009-04-05 10:11 . 2009-04-05 10:11 -------- d-----w c:\program files\Alwil Software

2009-04-05 10:00 . 2008-07-21 08:51 -------- d-----w c:\program files\Common Files\Symantec Shared

2009-04-05 09:26 . 2009-01-09 10:56 -------- d-----w c:\programdata\NortonInstaller

2009-04-01 22:08 . 2009-04-01 22:08 -------- d-----w c:\program files\Norton Internet Security(4)

2009-04-01 22:07 . 2009-04-01 22:07 -------- d-----w c:\program files\NortonInstaller(5)

2009-03-27 19:45 . 2008-07-21 08:44 -------- d-----w c:\program files\Google

2009-03-26 23:20 . 2009-02-27 09:52 -------- d-----r c:\program files\Skype

2009-03-25 10:23 . 2008-11-12 10:55 -------- d-----w c:\program files\Java

2009-03-12 09:15 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail

2009-03-11 20:00 . 2008-11-22 16:50 -------- d-----w c:\users\monika\AppData\Roaming\VoipDiscount

2009-03-09 04:19 . 2008-11-12 10:55 410984 ----a-w c:\windows\System32\deploytk.dll

2009-03-08 13:05 . 2009-01-18 19:39 -------- d---a-w c:\programdata\TEMP

2009-03-07 20:40 . 2008-12-27 17:05 -------- d-----w c:\program files\INTERIAPL

2009-02-27 09:52 . 2008-11-21 12:10 -------- d-----w c:\programdata\Skype

2009-02-27 09:52 . 2009-02-27 09:52 -------- d-----w c:\program files\Common Files\Skype

2009-02-15 22:11 . 2009-04-08 11:00 293528 ----a-w c:\windows\system32\drivers\vsdatant.sys

2009-02-15 22:10 . 2009-04-08 11:01 1221512 ----a-w c:\windows\System32\zpeng25.dll

2009-02-09 03:10 . 2009-03-12 08:10 2033152 ----a-w c:\windows\System32\win32k.sys

2009-01-15 06:11 . 2009-03-07 12:17 827392 ----a-w c:\windows\System32\wininet.dll

2008-11-21 16:45 . 2008-11-21 16:45 56 ---ha-w c:\users\All Users\ezsidmv.dat

2008-11-21 16:45 . 2008-11-21 16:45 56 ---ha-w c:\programdata\ezsidmv.dat

2008-10-30 10:08 . 2008-10-22 22:17 49824 ----a-w c:\users\monika\AppData\Local\GDIPFONTCACHEV1.DAT

2008-01-21 02:43 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini

2008-06-30 12:2008-07-21 08:58 44:08 . c:\program files\mozilla firefox\components\coFFPlgn.dll

2008-07-21 08:2008-07-21 08:45 45:34 . c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

2008-10-16 18:22 333192 --a------ c:\program files\AskBarDis\bar\bin\askBar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar1.dll" [2008-10-16 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar1.dll" [2008-10-16 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SmpcSys"="c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe" [2008-02-04 1038136]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-01-14 1688872]

"VoipDiscount"="c:\program files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" [2008-12-01 9073976]

"Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2009-02-27 9339496]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-27 24103720]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

"Auto-Backup"="c:\program files\Auto-Backup\Auto-Backup.exe" [2009-02-24 1384448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 857648]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-07-21 29744]

"toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672]

"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2008-07-04 2072576]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"RtHDVCpl"="RtHDVCpl.exe" [2007-10-09 c:\windows\RtHDVCpl.exe]

"Skytel"="Skytel.exe" [2007-08-03 c:\windows\SkyTel.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UacDisableNotify"=dword:00000001

"InternetSettingsDisableNotify"=dword:00000001

"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{CF056C8D-D8B9-484B-A4B0-BCDE02D393F4}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server

"{0E7CD62C-5401-4B66-819D-4CAA2F6B6B01}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server

"{40810008-79EF-4C3B-8FAF-3513C2745C36}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)

"{756E7DF0-7D44-4931-A5CC-58244DFF7804}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

"{354BE2A3-75E7-46A4-A7E8-08C55785FDC5}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{7A00BF2A-3405-4D03-A1D5-9906FAF8C761}"= UDP:c:\program files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe:VoipDiscount

"{0854B72C-2D30-4107-BE3B-CC977B09DF58}"= TCP:c:\program files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe:VoipDiscount

"TCP Query User{D383D5D1-E519-4907-815B-167535631FCD}c:\program files\utorrent\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent

"UDP Query User{F5CD9249-68BF-4ED8-9C73-2D72337CC53C}c:\program files\utorrent\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent

"{9D6F5B79-0917-4FCB-828C-AD318AFBA664}"= UDP:c:\users\monika\AppData\Local\Temp\WZSE1.TMP\SymNRT.exe:Norton Removal Tool

"{46AB2D74-ADA9-443B-BFB5-4D48C69A6E5B}"= TCP:c:\users\monika\AppData\Local\Temp\WZSE1.TMP\SymNRT.exe:Norton Removal Tool

"{F720BC58-D312-4F60-995E-23EA47B1A885}"= Disabled:UDP:c:\users\monika\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool

"{3F0686AA-44AD-4D7C-873E-484AC124A171}"= Disabled:TCP:c:\users\monika\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool

"{00F12E65-4A79-4845-B18F-05401185639D}"= Disabled:UDP:c:\users\monika\AppData\Local\Temp\7zS6A56.tmp\SymNRT.exe:Norton Removal Tool

"{7075BEE1-5B9C-4B91-812F-C9B4EA8EAE0E}"= Disabled:TCP:c:\users\monika\AppData\Local\Temp\7zS6A56.tmp\SymNRT.exe:Norton Removal Tool

"{76CCD437-9DA1-4DDC-968C-77128AD2B9C5}"= Disabled:UDP:c:\users\monika\AppData\Local\Temp\7zS453A.tmp\SymNRT.exe:Norton Removal Tool

"{89AD6C5A-BA75-4744-985C-D06F80FBA5C7}"= Disabled:TCP:c:\users\monika\AppData\Local\Temp\7zS453A.tmp\SymNRT.exe:Norton Removal Tool

"{71C24431-CC7F-4842-9C20-E2AFFD1B9B1B}"= Disabled:UDP:c:\users\monika\AppData\Local\Temp\7zS12A5.tmp\SymNRT.exe:Norton Removal Tool

"{5ECE5468-3690-4CDF-AE1E-99190920AA8A}"= Disabled:TCP:c:\users\monika\AppData\Local\Temp\7zS12A5.tmp\SymNRT.exe:Norton Removal Tool

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

R2 .norton2009Reset;Norton2009 Reset;c:\programdata\Norton\Norton2009Reset.exe [2009-03-28 281625]

S2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-03-05 108289]

S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-07-04 14336]

S3 SiS6350;SiS6350;c:\windows\system32\DRIVERS\SISGRKMD.sys [2008-09-24 460288]

S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2008-09-09 48128]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

\shell\AutoRun\command - E:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{044bd3cb-da39-11dd-a69d-00221562ce0d}]

\shell\AutoRun\command - E:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{51ea1038-a75a-11dd-954a-00221562ce0d}]

\shell\AutoRun\command - E:\setup_vmc_lite.exe /checkApplicationPresence

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d999346-c128-11dd-a663-00221562ce0d}]

\shell\AutoRun\command - E:\setup_vmc_lite.exe /checkApplicationPresence

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d39abbf-a761-11dd-aedb-806e6f6e6963}]

\shell\AutoRun\command - E:\setup_vmc_lite.exe /checkApplicationPresence

.

Zawartość folderu 'Zaplanowane zadania'

2009-03-16 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - monika.job

- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe []

.

- - - - USUNIĘTO PUSTE WPISY - - - -

HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe

.

------- Skan uzupełniający -------

.

uStart Page = hxxp://go.packardbell.com/?id=9525

FF - ProfilePath - c:\users\monika\AppData\Roaming\Mozilla\Firefox\Profiles\gs00l5oa.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=fi ... l:official

FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll

FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-13 19:13

Windows 6.0.6001 Service Pack 1 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

.

------------------------ Pozostałe uruchomione procesy ------------------------

.

c:\windows\System32\audiodg.exe

c:\windows\System32\ZoneLabs\vsmon.exe

c:\program files\ATK Hotkey\ASLDRSrv.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe

c:\windows\System32\IoctlSvc.exe

c:\program files\ATK Hotkey\HControl.exe

c:\windows\System32\WUDFHost.exe

c:\program files\ATK Hotkey\ATKOSD.exe

c:\program files\ATK Hotkey\WDC.exe

c:\windows\System32\conime.exe

c:\windows\ehome\ehmsas.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\Common Files\Nero\Lib\NMIndexingService.exe

c:\program files\Nowe Gadu-Gadu\spellchecker_gg.exe

c:\program files\Skype\Plugin Manager\skypePM.exe

c:\windows\System32\wbem\WMIADAP.exe

.

**************************************************************************

.

Czas ukończenia: 2009-04-13 19:16 - komputer został uruchomiony ponownie

ComboFix-quarantined-files.txt 2009-04-13 17:16

Przed: 24 368 304 128 bajtów wolnych

Po: 27,579,314,176 bajtów wolnych

267 --- E O F --- 2009-04-03 18:27